05-02-2007, 09:42 AM   #9
4u111
Registered User
 
Join Date: Oct 2006
Posts: 174
OS: WINXP HE


Re: Unknown problem! please help!

Hi, thanks for helping me.

Here are the results:


SDFix: Version 1.81

Run by Sleiman Hassan - Thu 05/03/2007 - 1:19:30.09

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\offlog.txt - Deleted



Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\\BitComet\\BitComet.exe"="D:\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Windows.old\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Windows.old\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"="C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"
"D:\\games 1\\civ\\Conquests\\Civ3Conquests.exe"="D:\\games 1\\civ\\Conquests\\Civ3Conquests.exe:*:Enabled:Civ3Conquests"
"D:\\games 1\\counter strike\\SteamApps\\dodger350\\counter-strike\\hl.exe"="D:\\games 1\\counter strike\\SteamApps\\dodger350\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\scvhost.exe"="C:\\WINDOWS\\scvhost.exe:*:Enabled:Microsoft Windows"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Program Files\CRS-MegaDev\MegaTrainer XL\mfc71.dll
C:\Program Files\CRS-MegaDev\MegaTrainer XL\mfc71u.dll
C:\Program Files\CRS-MegaDev\MegaTrainer XL\msvcr71.dll
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Windows Media Player\mplayer2.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\Tools\All.exe
C:\WINDOWS\system32\Tools\Change.exe
C:\WINDOWS\system32\Tools\CheckPath.exe
C:\WINDOWS\system32\Tools\Counter.exe
C:\WINDOWS\system32\Tools\DelFolders.exe
C:\WINDOWS\system32\Tools\DirectSetup.exe
C:\WINDOWS\system32\Tools\RegClean.exe
C:\WINDOWS\system32\Tools\Regexe.exe
C:\WINDOWS\system32\Tools\Restart.exe
C:\WINDOWS\system32\Tools\RunRegexe.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

Finished


"Sleiman Hassan" - 07-05-03 1:28:56 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Sleiman Hassan\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Spyware Doctor\Cracked\_desktop.ini
C:\DOCUME~1\SLEIMA~1\Desktop\internet.lnk


((((((((((((((((((((((((((((((( Files Created from 2007-04-03 to 2007-05-03 ))))))))))))))))))))))))))))))))))


2007-05-03 01:20 380,416 --a------ C:\WINDOWS\system32\rstrui.exe
2007-05-02 17:05 <DIR> d-------- C:\Deckard
2007-05-02 16:59 <DIR> d-------- C:\ie-spyad_zo
2007-05-02 16:56 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-05-02 15:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-05-02 14:57 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-01 16:15 <DIR> d-------- C:\Program Files\Trojancheck 6
2007-04-28 16:01 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-04-26 18:11 <DIR> d-------- C:\Program Files\XoftSpySE
2007-04-25 08:04 7,551 --a------ C:\WINDOWS\system32\drivers\U3sHlpDr.sys
2007-04-25 06:21 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\My Games
2007-04-23 10:12 208,229 --a------ C:\WINDOWS\rootkit.dll
2007-04-23 10:06 33,920 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-04-23 10:06 208,229 --a------ C:\WINDOWS\shdef.exe
2007-04-23 02:08 28,672 --a------ C:\WINDOWS\CMIRmDriver.dll
2007-04-23 02:08 266,240 --a------ C:\WINDOWS\CMIUninstall.exe
2007-04-23 02:08 225,280 --a------ C:\WINDOWS\CmiRmRedundDir.exe
2007-04-23 02:08 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2007-04-23 02:05 69,504 -ra------ C:\WINDOWS\system32\drivers\Rtlnic51.sys
2007-04-23 02:05 <DIR> d-------- C:\Program Files\Intel
2007-04-23 02:03 <DIR> d-------- C:\WINDOWS\system32\Tools
2007-04-22 21:26 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\AVS Video Converter
2007-04-22 21:18 <DIR> d-------- C:\Program Files\MagicDVDRipper
2007-04-22 21:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Pegasys Inc
2007-04-22 21:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\TMPGEncDVDAuthor3
2007-04-22 21:07 53,248 --a------ C:\WINDOWS\system32\GenSvcInst.exe
2007-04-22 21:07 33,408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2007-04-22 21:07 118,784 --a------ C:\WINDOWS\system32\bgsvcgen.exe
2007-04-22 21:03 <DIR> d-------- C:\Program Files\Pegasys Inc
2007-04-22 20:59 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\Pegasys Inc
2007-04-22 20:30 <DIR> d-------- C:\Program Files\AC3Filter
2007-04-22 20:28 129,024 --a------ C:\WINDOWS\UNWISE.EXE
2007-04-22 20:28 <DIR> d-------- C:\audio
2007-04-22 17:21 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\DivX
2007-04-22 17:13 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-04-22 17:13 <DIR> d-------- C:\Program Files\DivX
2007-04-22 17:07 <DIR> d-------- C:\Program Files\Xvid
2007-04-22 16:50 <DIR> d-------- C:\Program Files\Easy Video Splitter
2007-04-22 03:49 <DIR> d-------- C:\Program Files\AVI MPEG Splitter
2007-04-22 03:48 <DIR> d-------- C:\Boilsoft ASF Converter
2007-04-21 03:57 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-04-21 03:57 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-04-21 03:57 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-04-21 03:57 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-04-21 03:57 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2007-04-21 03:57 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-04-20 13:32 <DIR> d-------- C:\Program Files\Symbian OS Tools
2007-04-20 13:32 <DIR> d-------- C:\Program Files\Common Files\Symbian
2007-04-20 05:31 <DIR> d-------- C:\Program Files\vso
2007-04-20 02:59 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2007-04-20 02:53 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\VersionTracker Pro
2007-04-20 02:46 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-04-19 10:05 <DIR> d-------- C:\Program Files\dvdSanta
2007-04-19 06:33 <DIR> d-------- C:\Program Files\TechSmith
2007-04-19 06:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TechSmith
2007-04-19 06:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-19 05:47 258,352 --a------ C:\WINDOWS\system32\Unicows.dll
2007-04-19 02:02 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\Nokia Multimedia Player
2007-04-18 03:21 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\Image Zone Express
2007-04-15 09:44 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-04-15 07:39 <DIR> d-------- C:\Program Files\Sonic
2007-04-15 07:39 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-04-15 06:58 786,432 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT
2007-04-15 06:58 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Real
2007-04-15 06:58 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\PC Suite
2007-04-14 08:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
2007-04-11 10:09 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\Google
2007-04-11 10:08 <DIR> d-------- C:\Program Files\Google
2007-04-10 09:39 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-04-08 21:54 2,634 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-08 21:47 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-08 20:27 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\Lavasoft
2007-04-08 17:33 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\PC Tools
2007-04-08 17:28 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-08 17:00 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2007-04-08 17:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
2007-04-08 16:37 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-04-08 16:37 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-08 16:37 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-04-08 16:37 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-04-08 16:37 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-04-08 16:37 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-04-08 16:37 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-04-08 16:37 <DIR> d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\PC Tools
2007-04-05 13:59 <DIR> d-------- C:\Downloads
2007-04-05 13:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-04-05 13:48 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-04-05 13:48 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-04-05 13:48 <DIR> d-------- C:\Program Files\DIFX
2007-04-05 13:48 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-04-05 13:48 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-04-05 13:47 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-04-05 13:47 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-04-05 13:47 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-04-05 13:47 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-04-05 13:47 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-04-05 13:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-02 15:51 -------- d-------- C:\Program Files\itunes
2007-04-28 17:54 -------- d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\vso
2007-04-23 02:04 -------- d--h----- C:\Program Files\installshield installation information
2007-04-21 04:38 -------- d-------- C:\Program Files\nokia
2007-04-20 12:58 -------- d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\pc suite
2007-04-20 08:07 781 --a------ C:\DOCUME~1\SLEIMA~1\APPLIC~1\nmm-metadata.db
2007-04-20 05:27 -------- d-------- C:\Program Files\clonedvd
2007-04-19 14:41 87608 --a------ C:\DOCUME~1\SLEIMA~1\APPLIC~1\ezpinst.exe
2007-04-19 14:41 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-04-19 14:41 47360 --a------ C:\DOCUME~1\SLEIMA~1\APPLIC~1\pcouffin.sys
2007-04-19 14:41 34 --a------ C:\DOCUME~1\SLEIMA~1\APPLIC~1\pcouffin.log
2007-04-19 14:41 1144 --a------ C:\DOCUME~1\SLEIMA~1\APPLIC~1\pcouffin.inf
2007-04-19 14:41 1074 --a------ C:\DOCUME~1\SLEIMA~1\APPLIC~1\pcouffin.cat
2007-04-15 07:39 -------- d-------- C:\Program Files\roxio
2007-04-15 07:39 -------- d-------- C:\Program Files\Common Files\roxio shared
2007-04-12 10:46 -------- d-------- C:\Program Files\msn messenger
2007-04-11 10:08 -------- d-------- C:\Program Files\Common Files\installshield
2007-04-08 16:33 -------- d-------- C:\Program Files\mtv networks
2007-03-31 20:46 90112 --a------ C:\WINDOWS\system32\agsaami.dll
2007-03-31 20:46 610304 --a------ C:\WINDOWS\system32\agsaamg.dll
2007-03-31 20:46 372736 --a------ C:\WINDOWS\system32\agsaamc.dll
2007-03-31 20:46 26 --a------ C:\WINDOWS\system32\kakle.dll
2007-03-31 20:46 2535424 --a------ C:\WINDOWS\system32\agsaamj.dll
2007-03-31 20:46 1986560 --a------ C:\WINDOWS\system32\akll.dll
2007-03-31 20:46 196608 --a------ C:\WINDOWS\system32\maag.dll
2007-03-31 20:46 1245184 --a------ C:\WINDOWS\system32\bkll.dll
2007-03-31 20:46 1212416 --a------ C:\WINDOWS\system32\ckll.dll
2007-03-31 20:46 -------- d-------- C:\Program Files\real_sc
2007-03-30 22:00 -------- d-------- C:\Program Files\online services
2007-03-30 18:26 -------- d-------- C:\Program Files\windows media connect 2
2007-03-30 17:34 -------- d-------- C:\Program Files\ahead
2007-03-27 17:55 36624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-03-27 17:55 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-03-27 17:55 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-03-22 21:45 14 --a------ C:\WINDOWS\system32\systeminfo3.dll
2007-03-22 21:45 -------- d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\dvdxstudio
2007-03-20 11:37 831048 --a------ C:\WINDOWS\system32\wudfupdate_01005.dll
2007-03-19 23:28 -------- d-------- C:\Program Files\quicktime
2007-03-19 23:28 -------- d-------- C:\Program Files\ipod
2007-03-19 23:27 -------- d-------- C:\Program Files\apple software update
2007-03-19 21:54 -------- d-------- C:\Program Files\wtm cd protect
2007-03-18 23:19 -------- d-------- C:\Program Files\crs-megadev
2007-03-18 22:05 -------- d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\real
2007-03-18 22:01 -------- d-------- C:\Program Files\real
2007-03-18 22:01 -------- d-------- C:\Program Files\Common Files\xing shared
2007-03-18 22:01 -------- d-------- C:\Program Files\Common Files\real
2007-03-18 21:42 -------- d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\dev-cpp
2007-03-17 23:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-17 16:31 -------- d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\leadertech
2007-03-17 13:33 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-03-16 16:15 -------- d-------- C:\Program Files\poweriso
2007-03-16 11:39 -------- d-------- C:\Program Files\msxml 4.0
2007-03-15 16:52 -------- d-------- C:\Program Files\winavivideoconverter
2007-03-14 16:49 -------- d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\datalayer
2007-03-14 15:42 -------- d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\hp
2007-03-14 15:41 110045 --a------ C:\WINDOWS\hpoins08.dat
2007-03-14 15:29 -------- d-------- C:\Program Files\Common Files\hewlett-packard
2007-03-14 13:02 -------- d-------- C:\DOCUME~1\SLEIMA~1\APPLIC~1\roxio
2007-03-13 16:09 -------- d-------- C:\Program Files\winamp
2007-03-13 03:53 62 --ahs---- C:\DOCUME~1\SLEIMA~1\APPLIC~1\desktop.ini
2007-03-13 03:53 -------- d-------- C:\Program Files\Common Files\speechengines
2007-03-13 03:53 -------- d-------- C:\Program Files\Common Files\odbc
2007-03-12 23:43 -------- d-------- C:\Program Files\msbuild
2007-03-12 23:43 -------- d-------- C:\Program Files\microsoft works
2007-03-12 23:31 -------- d-------- C:\Program Files\nero
2007-03-12 20:26 -------- d-------- C:\Program Files\ati technologies
2007-03-12 20:22 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-03-12 20:03 -------- d-------- C:\Program Files\messenger
2007-03-12 16:36 -------- d-------- C:\Program Files\trend micro
2007-03-12 16:08 -------- d-------- C:\Program Files\microsoft frontpage
2007-03-12 16:07 -------- d--h----- C:\Program Files\windowsupdate
2007-03-12 16:06 -------- d-------- C:\Program Files\Common Files\mssoap
2007-03-12 16:05 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-12 16:05 -------- d-------- C:\Program Files\movie maker
2007-03-12 16:04 -------- d-------- C:\Program Files\msn gaming zone
2007-03-09 01:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-09 01:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-09 01:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 23:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-06 06:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00C6482D-C502-44C8-8409-FCE54AD9C208} C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} \\HIME-C868A76915\ntfolder\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll [x]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\pccguide.exe\""
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"RegistryMechanic"=""
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"shdef"="C:\\WINDOWS\\shdef.exe"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-03 01:34:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-05-03 1:34:15
C:\ComboFix-quarantined-files.txt ... 07-05-03 01:34
Attached Files
SDFix.txt Report.txt (6.8 KB)
ComboFix.txt (16.6 KB)
__________________
1010011 1101101 1101001 1101100 1100101

Last edited by Ried; 05-02-2007 at 10:45 AM.